ISSAP Information Systems Security Architecture Professional v6.0 (CISSP-ISSAP)

Page:    1 / 16   
Total 240 questions

An organization wants to allow a certificate authority to gain access to the encrypted data and create digital signatures on behalf of the user. The data is encrypted using the public key from a user's certificate. Which of the following processes fulfills the above requirements?

  • A. Key escrow
  • B. Key storage
  • C. Key revocation
  • D. Key recovery


Answer : A

You work as a CSO (Chief Security Officer) for Tech Perfect Inc. You want to perform the following tasks: Develop a risk-driven enterprise information security architecture. Deliver security infrastructure solutions that support critical business initiatives. Which of the following methods will you use to accomplish these tasks?

  • A. Service-oriented architecture
  • B. Sherwood Applied Business Security Architecture
  • C. Service-oriented modeling framework
  • D. Service-oriented modeling and architecture


Answer : B

Which of the following should the administrator ensure during the test of a disaster recovery plan?

  • A. Ensure that the plan works properly.
  • B. Ensure that all the servers in the organization are shut down.
  • C. Ensure that each member of the disaster recovery team is aware of their responsibility.
  • D. Ensure that all client computers in the organization are shut down.


Answer : A,C

The network you administer allows owners of objects to manage the access to those objects via access control lists. This is an example of what type of access control?

  • A. RBAC
  • B. MAC
  • C. CIA
  • D. DAC


Answer : D

Which of the following encryption methods does the SSL protocol use in order to provide communication privacy, authentication, and message integrity? Each correct answer represents a part of the solution. Choose two.

  • A. Public key
  • B. IPsec
  • C. MS-CHAP
  • D. Symmetric


Answer : A,D

You work as a Project Manager for Tech Perfect Inc. You are creating a document which emphasizes the formal study of what your organization is doing currently and where it will be in the future. Which of the following analyses will help you in accomplishing the task?

  • A. Cost-benefit analysis
  • B. Gap analysis
  • C. Requirement analysis
  • D. Vulnerability analysis


Answer : B

You work as an Incident handling manager for Orangesect Inc. You detect a virus attack incident in the network of your company. You develop a signature based on the characteristics of the detected virus. Which of the following phases in the Incident handling process will utilize the signature to resolve this incident?

  • A. Eradication
  • B. Identification
  • C. Recovery
  • D. Containment


Answer : A

Which of the following are the primary components of a discretionary access control (DAC) model? Each correct answer represents a complete solution. Choose two.

  • A. User's group
  • B. File and data ownership
  • C. Smart card
  • D. Access rights and permissions


Answer : B,D

Andrew works as a Network Administrator for Infonet Inc. The company's network has a Web server that hosts the company's Web site. Andrew wants to increase the security of the Web site by implementing Secure Sockets Layer (SSL). Which of the following types of encryption does SSL use? Each correct answer represents a complete solution. Choose two.

  • A. Synchronous
  • B. Secret
  • C. Asymmetric
  • D. Symmetric


Answer : C,D

Which of the following refers to a location away from the computer center where document copies and backup media are kept?

  • A. Storage Area network
  • B. Off-site storage
  • C. On-site storage
  • D. Network attached storage


Answer : B

An organization is seeking to implement a hot site and wants to maintain a live database server at the backup site. Which of the following solutions will be the best for the organization?

  • A. Electronic vaulting
  • B. Remote journaling
  • C. Remote mirroring
  • D. Transaction logging


Answer : C

Sam is creating an e-commerce site. He wants a simple security solution that does not require each customer to have an individual key. Which of the following encryption methods will he use?

  • A. Asymmetric encryption
  • B. Symmetric encryption
  • C. S/MIME
  • D. PGP


Answer : B

Which of the following is a method for transforming a message into a masked form, together with a way of undoing the transformation to recover the message?

  • A. Cipher
  • B. CrypTool
  • C. Steganography
  • D. MIME


Answer : A

Which of the following types of firewall functions at the Session layer of the OSI model?

  • A. Circuit-level firewall
  • B. Application-level firewall
  • C. Packet filtering firewall
  • D. Switch-level firewall


Answer : A

You want to implement a network topology that provides the best balance for regional topologies in terms of the number of virtual circuits, redundancy, and performance while establishing a WAN network. Which of the following network topologies will you use to accomplish the task?

  • A. Bus topology
  • B. Fully meshed topology
  • C. Star topology
  • D. Partially meshed topology


Answer : D
